urlscan.io logo urlscan.io
SecurityTrails logo

www2.ekii-net.com.asfwxzs.top Open in urlscan Pro
35.243.79.70  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www2.ekii-net.com.asfwxzs.top/
Effective URL: https://www2.ekii-net.com.asfwxzs.top/dist/
Submission: On October 25 via automatic, source phishtank — Scanned from JP
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 35.243.79.70, located in Tokyo, Japan and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www2.ekii-net.com.asfwxzs.top.
TLS certificate: Issued by R3 on October 23rd 2022. Valid for: 3 months.
This is the only time www2.ekii-net.com.asfwxzs.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: JR East (Transportation)

Domain & IP information

IP Address AS Autonomous System
1 10 35.243.79.70 396982 (GOOGLE-CL...)
9 2
Apex Domain
Subdomains		 Transfer
10 asfwxzs.top
www2.ekii-net.com.asfwxzs.top
1 MB
9 1
Domain Requested by
10 www2.ekii-net.com.asfwxzs.top 1 redirects www2.ekii-net.com.asfwxzs.top
9 1

This site contains links to these domains. Also see Links.

Domain
www.eki-net.com
secure.okbiz.okwave.jp
www.jreast.co.jp
my.jreast.co.jp
Subject Issuer Validity Valid
www2.ekii-net.com.asfwxzs.top
R3		 2022-10-23 -
2023-01-21		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www2.ekii-net.com.asfwxzs.top/dist/
Frame ID: 8E42619B0B16BCCEA93655E76F45CB0C
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

えきねっと(JR東日本)|ログイン

Page URL History Show full URLs

  1. https://www2.ekii-net.com.asfwxzs.top/ Page URL
  2. https://www2.ekii-net.com.asfwxzs.top/load.php Page URL
  3. https://www2.ekii-net.com.asfwxzs.top/dist HTTP 301
    https://www2.ekii-net.com.asfwxzs.top/dist/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1371 kB
Transfer

1826 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www2.ekii-net.com.asfwxzs.top/ Page URL
  2. https://www2.ekii-net.com.asfwxzs.top/load.php Page URL
  3. https://www2.ekii-net.com.asfwxzs.top/dist HTTP 301
    https://www2.ekii-net.com.asfwxzs.top/dist/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
www2.ekii-net.com.asfwxzs.top/ 		339 B
483 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www2.ekii-net.com.asfwxzs.top/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.243.79.70 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
70.79.243.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
56849ba1a18c44af7cdea26d63d2900f97b06eb522ccbf88466760ca8525ee4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 25 Oct 2022 16:15:26 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding
load.php
www2.ekii-net.com.asfwxzs.top/ 		66 B
327 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www2.ekii-net.com.asfwxzs.top/load.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.243.79.70 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
70.79.243.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www2.ekii-net.com.asfwxzs.top
Referer
https://www2.ekii-net.com.asfwxzs.top/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 25 Oct 2022 16:15:26 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding
Primary Request /
www2.ekii-net.com.asfwxzs.top/dist/
Redirect Chain
  • https://www2.ekii-net.com.asfwxzs.top/dist
  • https://www2.ekii-net.com.asfwxzs.top/dist/
975 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www2.ekii-net.com.asfwxzs.top/dist/
Requested by
Host: www2.ekii-net.com.asfwxzs.top
URL: https://www2.ekii-net.com.asfwxzs.top/load.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.243.79.70 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
70.79.243.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
92d7a9c9b613d0bd587a37043df4c09588d55f2d1aa7f2386691ee93a2102000
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www2.ekii-net.com.asfwxzs.top/load.php
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

accept-ranges
bytes
content-length
975
content-type
text/html
date
Tue, 25 Oct 2022 16:15:26 GMT
etag
"635471e4-3cf"
last-modified
Sat, 22 Oct 2022 22:42:44 GMT
server
nginx
strict-transport-security
max-age=31536000

Redirect headers

content-length
162
content-type
text/html
date
Tue, 25 Oct 2022 16:15:26 GMT
location
https://www2.ekii-net.com.asfwxzs.top/dist/
server
nginx
strict-transport-security
max-age=31536000
index.7ae5661b.js
www2.ekii-net.com.asfwxzs.top/dist/assets/ 		372 KB
130 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www2.ekii-net.com.asfwxzs.top/dist/assets/index.7ae5661b.js
Requested by
Host: www2.ekii-net.com.asfwxzs.top
URL: https://www2.ekii-net.com.asfwxzs.top/dist/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.243.79.70 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
70.79.243.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
db2e42355669fdf4c0221abb55b84d6bb40f719ddf577508b38c26097f54d75a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www2.ekii-net.com.asfwxzs.top/dist/
Origin
https://www2.ekii-net.com.asfwxzs.top
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 25 Oct 2022 16:15:26 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Sat, 22 Oct 2022 22:43:05 GMT
server
nginx
etag
W/"635471f9-5ce7d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=43200
expires
Wed, 26 Oct 2022 04:15:26 GMT
index.002af54a.css
www2.ekii-net.com.asfwxzs.top/dist/assets/ 		252 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www2.ekii-net.com.asfwxzs.top/dist/assets/index.002af54a.css
Requested by
Host: www2.ekii-net.com.asfwxzs.top
URL: https://www2.ekii-net.com.asfwxzs.top/dist/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.243.79.70 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
70.79.243.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
d0643fca972b5dfb976f10ac38b52a8caaca494ac8a436eea2b905a862952a94
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www2.ekii-net.com.asfwxzs.top/dist/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 25 Oct 2022 16:15:26 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Sat, 22 Oct 2022 22:43:05 GMT
server
nginx
etag
W/"635471f9-3ee68"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=43200
expires
Wed, 26 Oct 2022 04:15:26 GMT
checktoken.php
www2.ekii-net.com.asfwxzs.top/api/ 		13 B
245 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www2.ekii-net.com.asfwxzs.top/api/checktoken.php
Requested by
Host: www2.ekii-net.com.asfwxzs.top
URL: https://www2.ekii-net.com.asfwxzs.top/dist/assets/index.7ae5661b.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.243.79.70 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
70.79.243.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
aa3d21398252adb9f16b5208884b4da22eec9f2019a0139b114a61f178396794
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
application/json, text/plain, */*
Referer
https://www2.ekii-net.com.asfwxzs.top/dist/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 25 Oct 2022 16:15:27 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
expires
Thu, 19 Nov 1981 08:52:00 GMT
logo_ekinet.3f7c549c.png
www2.ekii-net.com.asfwxzs.top/dist/assets/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www2.ekii-net.com.asfwxzs.top/dist/assets/logo_ekinet.3f7c549c.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.243.79.70 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
70.79.243.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
3f7c549cfacde11c4129c09b1908d106126d823682cc758f70fc046638d7746b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www2.ekii-net.com.asfwxzs.top/dist/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 25 Oct 2022 16:15:27 GMT
strict-transport-security
max-age=31536000
last-modified
Sat, 22 Oct 2022 22:43:06 GMT
server
nginx
etag
"635471fa-1d38"
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
7480
expires
Thu, 24 Nov 2022 16:15:27 GMT
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ba4924716ed0580ae30f974eebb97421a2c10c1e2cf61e8ad60fcd39d8fbca30

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d4d96a513c50320d375f5cb8c1c4f52d6ba868b6ffafec5f451deb8dc9ef05f4

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		166 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
notosanscjkjp-regular_subset.434379a9.woff
www2.ekii-net.com.asfwxzs.top/dist/assets/ 		1 MB
1 MB 		Font
General
Check archive.org
Download Go to
Full URL
https://www2.ekii-net.com.asfwxzs.top/dist/assets/notosanscjkjp-regular_subset.434379a9.woff
Requested by
Host: www2.ekii-net.com.asfwxzs.top
URL: https://www2.ekii-net.com.asfwxzs.top/dist/assets/index.002af54a.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.243.79.70 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
70.79.243.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
434379a92cc3af5ca03ccb2bfaadc7f2b8224b1b49f310ec5f4d27ca36777520
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www2.ekii-net.com.asfwxzs.top/dist/assets/index.002af54a.css
Origin
https://www2.ekii-net.com.asfwxzs.top
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 25 Oct 2022 16:15:27 GMT
strict-transport-security
max-age=31536000
last-modified
Sat, 22 Oct 2022 22:43:07 GMT
server
nginx
etag
"635471fb-128eb4"
content-type
font/woff
accept-ranges
bytes
content-length
1216180
truncated
/ 		548 B
548 B 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

Referer
Origin
https://www2.ekii-net.com.asfwxzs.top
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
font/woff
api.php
www2.ekii-net.com.asfwxzs.top/api/ 		13 B
334 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www2.ekii-net.com.asfwxzs.top/api/api.php?act=online
Requested by
Host: www2.ekii-net.com.asfwxzs.top
URL: https://www2.ekii-net.com.asfwxzs.top/dist/assets/index.7ae5661b.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.243.79.70 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
70.79.243.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
9cbb029ed73eb93a0dfe76faa5d0f9f99d26a00a1c1ce1b96af2cfb9c1ef8fd7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
application/json, text/plain, */*
Referer
https://www2.ekii-net.com.asfwxzs.top/dist/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 25 Oct 2022 16:15:29 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
access-control-allow-origin
http://localhost:3000
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
*
expires
Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: JR East (Transportation)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation

2 Cookies

Domain/Path Name / Value
www2.ekii-net.com.asfwxzs.top/ Name: PHPSESSID
Value: pb3qf1jb94lpkf5qmirflo4i2o
www2.ekii-net.com.asfwxzs.top/ Name: token
Value: 687e44122104ecefaaa946cdb89e0e26

2 Console Messages

Source Level URL
Text
other warning URL: https://www2.ekii-net.com.asfwxzs.top/dist/#/
Message:
Failed to decode downloaded font: data:font/woff;base64,PGh0bWw+DQo8aGVhZD48dGl0bGU+NDA0IE5vdCBGb3VuZDwvdGl0bGU+PC9oZWFkPg0KPGJvZHk+DQo8Y2VudGVyPjxoMT40MDQgTm90IEZvdW5kPC9oMT48L2NlbnRlcj4NCjxocj48Y2VudGVyPm5naW54PC9jZW50ZXI+DQo8L2JvZHk+DQo8L2h0bWw+DQo8IS0tIGEgcGFkZGluZyB0byBkaXNhYmxlIE1TSUUgYW5kIENocm9tZSBmcmllbmRseSBlcnJvciBwYWdlIC0tPg0KPCEtLSBhIHBhZGRpbmcgdG8gZGlzYWJsZSBNU0lFIGFuZCBDaHJvbWUgZnJpZW5kbHkgZXJyb3IgcGFnZSAtLT4NCjwhLS0gYSBwYWRkaW5nIHRvIGRpc2FibGUgTVNJRSBhbmQgQ2hyb21lIGZyaWVuZGx5IGVycm9yIHBhZ2UgLS0+DQo8IS0tIGEgcGFkZGluZyB0byBkaXNhYmxlIE1TSUUgYW5kIENocm9tZSBmcmllbmRseSBlcnJvciBwYWdlIC0tPg0KPCEtLSBhIHBhZGRpbmcgdG8gZGlzYWJsZSBNU0lFIGFuZCBDaHJvbWUgZnJpZW5kbHkgZXJyb3IgcGFnZSAtLT4NCjwhLS0gYSBwYWRkaW5nIHRvIGRpc2FibGUgTVNJRSBhbmQgQ2hyb21lIGZyaWVuZGx5IGVycm9yIHBhZ2UgLS0+DQo=
other warning URL: https://www2.ekii-net.com.asfwxzs.top/dist/#/
Message:
OTS parsing error: invalid sfntVersion: 1013478509

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000